Operational Risk Management...

18 February 2018

Trust is on the minds of almost every American as they read the Washington Post these days. Reading a publication that utilizes a set of standards for journalism may address part of your "Trust Decision" to depend on this source for your information.

Reading this Operational Risk blog, you understand that the words and opinions are not under the same editorial guidelines and grammar rule sets as the authors and journalists at the Washington Post. The sentences and thoughts are being written freely, however, by someone you may know of. Yet how do you really validate that the words were actually written by the assumed author?

At an early age in school, as a young student, your teacher at some point assigns that work called an essay, a short piece of writing that tells a person's thoughts or opinions about a subject. Regardless of the topic assigned by the teacher, when the work is turned in to the teacher, they are assuming it was written by that particular student. Unless they have doubts.

The trust you put into the author of words written in an essay for a class, or an article in the established newspapers, has for decades relied on the integrity of institutions and the validation of persons' true identities. Yet as the typewriter replaced handwritten documents, so too did the act of using another person's words or ideas without giving credit to that actual person: the act of plagiarizing something.

When you read this Washington Post article, you assume that the words are actually from the journalist:

"Efforts to reconstruct the Russian conspiracy to sway 2016’s presidential election benefited from the digital trails left behind whenever people travel, make payments or communicate using common technology such as Facebook or Gmail. Such breadcrumbs provided plentiful evidence for Friday’s indictment by the special counsel of the Internet Research Agency and 13 Russian associates.

But even as the disinformation campaign from two years ago finally came into focus, it was far from clear how to prevent future bids to distort American politics.

U.S. intelligence agencies warned this week that the federal government remains ill equipped to combat Russian disinformation even as crucial midterm congressional elections loom this fall. And technology companies, while cooperating with federal investigators, acknowledge that they still struggle to detect and thwart foreign propaganda without impinging on the free-speech rights of Americans."

Now in the age of computing, word processing and the Internet, the integrity of written words by a person is in question? The origin and authenticity of the actual words that are written by a human on paper, a typewriter or computer such as these, are now in question?

"Information Warfare has three main issues surrounding it compared to traditional warfare:

The risk for the party or nation initiating the cyberattack is substantially lower than the risk for a party or nation initiating a traditional attack. This makes it easier for governments, as well as potential terrorist or criminal organizations, to make these attacks more frequently than they could with traditional war.

Information communication technologies (ICT) are so immersed in the modern world that a very wide range of technologies are at risk of a cyberattack. Specifically, civilian technologies can be targeted for cyberattacks and attacks can even potentially be launched through civilian computers or websites. As such, it is harder to enforce control of civilian infrastructures than a physical space. Attempting to do so would also raise many ethical concerns about the right to privacy, making defending against such attacks even tougher.

The mass-integration of ICT into our system of war makes it much harder to assess accountability for situations that may arise when using robotic and/or cyber attacks. For robotic weapons and automated systems, it’s becoming increasingly hard to determine who is responsible for any particular event that happens. This issue is exacerbated in the case of cyberattacks, as sometimes it is virtually impossible to trace who initiated the attack in the first place.[5]"

These words are being written by a human being. His name is Peter L. Higgins. Or are they? The art and science of the truth has been evolving for hundreds of years. What will we invent next, to validate our identities, provide assurance that the words written are actually human, and not of an Artificial Intelligence (AI)?

Whether the words you read are being written by a human-based "troll factory" in St. Petersburg or by a specialized Artificial Intelligence is not the point of this essay. Then what is the point?

You have to make judgements as a human being about who to trust. What to trust. How to trust. Why to trust. This is a foundation of our human evolution. Trust takes time. TrustDecisions, and the decision to trust someone or something, are actually a factor of science, mathematics and history.

Reading, writing and a decision to trust, is an Operational Risk. True or False?

10 February 2018

When was the last time you revisited the 95 theses of the Cluetrain Manifesto? There are some nuggets here that remain timeless, even though they were written over 16 years ago. Here are some of the classics:

Markets are conversations.

Markets consist of human beings, not demographic sectors.

People in networked markets have figured out that they get far better information and support from one another than from vendors. So much for corporate rhetoric about adding value to commoditized products.

There are no secrets. The networked market knows more than companies do about their own products. And whether the news is good or bad, they tell everyone.

Your own "downsizing initiatives" taught us to ask the question: "Loyalty? What's that?" Smart markets will find suppliers who speak their own language.

Companies make a religion of security, but this is largely a red herring. Most are protecting less against competitors than against their own market and workforce.

To traditional corporations, networked conversations may appear confused, may sound confusing. But we are organizing faster than they are. We have better tools, more new ideas, no rules to slow us down.

We are waking up and linking to each other. We are watching. But we are not waiting.

In a hyperlinked, social networked, iPhone rich society, the authors and founders of the Cluetrain Manifesto must have had a crystal ball. The "end of business as usual" has been accelerating and the exponential explosion of zeros and ones has produced a global economy.

Just look at the saturation of IP connections across the planet Earth and you will see where the capital is flowing and the societal impact is obvious.

"A powerful global conversation has begun. Through the Internet, people are discovering and inventing new ways to share relevant knowledge with blinding speed. As a direct result, markets are getting smarter—and getting smarter faster than most companies."

So what? So what does all of this have to do with Operational Risk Management?

It has to do with the pervasive vulnerability that an organization perpetuates, without the correct attitude and policies about managing risks. Theft of trade secrets, corporate espionage, competitive intelligence and loss of intellectual capital as the headhunters feast on your key employees, to name a few.

Global enterprises with deep hierarchy in the organizational chart continue to wonder how their best people have left and who leaked the information on the next big idea.

How would you ever put enough policies, tools, systems, training or behavior modification in place to stop the flow of new hyperlinks through your own corporate IntraNet or the public bulletin boards and social networking web sites? The fact is that you can't.

You’re a sales rep in the Southwest who has a customer with a product problem. You know that the Southwest tech-support person happens not to know anything about this problem. In fact, (s)he’s a flat-out bozo. So, to do what’s right for your customer you go outside the prescribed channels and pull together the support person from the Northeast, a product manager you respect, and a senior engineer who’s been responsive in the past (no good deed goes unpunished!). Via e-mail or by building a mini-Web site on an intranet, you initiate a discussion, research numbers, check out competitive solutions, and quickly solve the customer’s problem -- all without ever notifying the "appropriate authorities" of what you’re doing because all they’ll do is try to force you back into the official channels.

Game. Set. Match. Managing Operational Risks in the 21st century requires a whole new perspective. A brand new definition of the new "Normal."

03 February 2018

After reading the Washington Post on February 3, 2018, there is little debate in our world capitals that we are on the edge of a digital precipice.

Mobile devices in the hands of humans have exponentially changed the transnational landscape for our communications forever. Yet this digital precipice is just inches away from a tremendous chasm in our cultural, social and legal way of life.

Every organization now has substantial Operational Risks to manage, within the context of their group, company, enterprise, government and even family. This alone is not a revelation. However, if you are a Mother, Father, Brother or Sister, you are constantly challenged by the kinds of risks that plague anyone who dares to explore and utilize the benefits of the modern day Internet.

Our children are growing up faster, as they are exposed to the dark side of life, the evil that is present in our world. They witness violence, revenge and all of the other negative attributes of society faster than ever before.

The outcomes of mother nature and our natural disasters are always front and center. The digital controls and censors of broadcast television are no longer pervasive across the content and web sites available, to those who know how to navigate our IP-based digital oceans.

Operational Risk Management (ORM) is now each person's responsibility. It is no longer in the hands of a few people, in a few departments at your organization. It is not the role of a single person in your household to make sure the family router is configured correctly.

If you are holding your latest "Digital Device" in your hand, or tapping away on the keyboard of your new laptop, it is your decision to "Give" or to "Take."

Over a year ago, Adam Grant wrote his book. To get some context in 13 minutes, you can watch this YouTube of his TED Talk.

We have for years been exposed to the concepts of "Pay It Forward" or even other concepts of reciprocity. The real question is: Are you a "Giver or a Taker?" You might be surprised to learn what Adam Grant's research uncovers.

So what?

The ethics and morals that are embedded in you at an early stage of your life, will most likely continue. The influence your Mother and/or Father or early childhood caregiver provided you may have made a difference. Maybe it was an old book they read to you, or someone asked you to read.

We all know that the words, content, pictures, videos and ideas on the other side of that tiny digital screen in your hand are nothing more than a mirror of our own human behavior. Good or deleterious.

How will you use this iPhone tool today, to be a "Giver or a Taker?" There might even be another option. Turn it off and put it in a drawer. At least for a few hours...but could you for a whole day?

When was the last time you donated your time, expertise, abilities or resources? What will you do right now, to make a difference on the third planet from the Sun...

20 January 2018

Modern Day Operational Risk Management requires a multi-skilled and versatile individual. Someone who understands the difference between "Information Warfare" and "Cyberterrorism." And if you were born after 1980 and part of Generation Y, then you might even have more insight on how Sam Fisher has managed his way through unimaginable risks throughout his career as a Splinter Cell operative.

You understand why Homeland Security is evermore focused on HUMINT and our national security is ever so vulnerable to an increasing reliance on the Internet Protocol (IP).

Information warfare is an attack against computers, networks, or information systems to coerce or intimidate a government and its people. These attacks result in violence against people or property and generate fear.

Attacks that disrupt nonessential services or create a costly nuisance are not considered information warfare. Cyberterrorism results in severe effects such as death, bodily injury, explosions, plane crashes, water contamination, severe economic loss, and so on.

Information warfare is easily and most effectively waged against civilians. Because of its size and reliance on technology, no nation is as vulnerable to information warfare as the United States. Information warfare can be waged anonymously, or with all the publicity in the world.

If you were born before 1960 and you fall into the "Baby Boomer" category, you better spend some time with your "Generation Y" kids or nieces or nephews, if you want to better understand what is now coming over the threat horizon. There are Global Hawks and Predators seeking out their targets with skilled aviators located thousands of miles away.

These tools and systems of warfare are easily turned in our own direction and now Homeland Security finds its nexus with some new Operational Risk challenges. Accomplished authors such as P.W. Singer write about "What happens when science fiction becomes battlefield reality?"

"If issues like these sound like science fiction, that’s because many of the new technologies were actually inspired by some of the great scifi of our time - from Terminator and Star Trek to the works of Asimov and Heinlein. In fact, Singer reveals how the people who develop new technologies consciously draw on such sci-fiction when pitching them to the Pentagon, and he even introduces the sci-fi authors who quietly consult for the military.

But, whatever its origins, our new machines will profoundly alter warfare, from the frontlines to the home front. When planes can be flown into battle from an office 10,000 miles away (or even fly themselves, like the newest models), the experiences of war and the very profile of a warrior change dramatically. Singer draws from historical precedent and the latest Pentagon research to argue that wars will become easier to start, that the traditional moral and psychological barriers to killing will fall, and that the “warrior ethos” - the code of honor and loyalty which unites soldiers - will erode."

Homeland Security professionals and new recruits to the various public and private sector organizations are ever more savvy and vital to managing the risks of the coming decades. Technology and the newest inventions of the human mind are consistently applied for the purpose of good and the well being of our fellow man. We are consistently pushing the outside of the envelope to fly farther and faster, even if it means becoming a "Fusion Man."

"Swiss adventurer Yves Rossy flew from France to Britain Friday propelled by a jetpack strapped to his back -- the first person to cross the English Channel in such a way.

Rossy, a pilot who normally flies an Airbus airliner, crossed the 22 miles between Calais and Dover at speeds of up to 120 mph in 13 minutes, his spokesman said.

When the white cliffs of Dover came into view, he opened a blue and yellow parachute and drifted down in light winds to land in a British field where he was mobbed by well-wishers.

"Everything was perfect," he said afterwards. "I showed that it is possible to fly a little bit like a bird."

Rossy traced the route of French aviator Louis Bleriot, who became the first person to fly across the Channel in an aircraft in 1909.

The Swiss pilot was propelled by four kerosene-burning jet turbines attached to a wing on his back. He ignited the jets inside a plane before jumping out more than 8,000 feet above ground."

We suspect that Mr. Rossy has hired some very competent lawyers to work on his patents and licensing of intellectual property. By now, it all may be classified and Sam Fisher is taking his first test flights.

13 January 2018

Situational awareness (SA) involves being aware of what is happening around you to understand how information, events, and your own actions will impact your goals and objectives, both now and in the near future. Lacking SA or having inadequate SA has been identified as one of the primary factors in accidents attributed to human error.

What you know and when you know it, can make the difference between life and death in the context of real-time emergency management and tactical response operations. However, it can also provide you with the intelligence you need to save lives and avoid new risks as a more sudden and real-time threat unfolds.

Whether it's the active shooter, disgruntled employee or an international hotel under siege, it should not matter. Let's take a minute and look at a sample time line on the Mumbai attacks in India November 26th, 2008 as one example from a situational report:

Look at the time stamps and the lag time between each one. The person writing these bullets for a "Flash" message to subscribers or people asking for text based updates, was either not using all of the potential assets available to them, or they just did not think there was any relevance of the other information unfolding. This example of 2008 "Situational Awareness" reporting is not only dangerous and a thing of the past, it's letting the "Grey Matter" get in the way.

So what about the public? Are Periscope and #NEWS hashtags the answer?

The problem with most "Situational Awareness" capabilities is that the subject matter experts, commanders in the SOC/NOC, or the business CEO 2,000 miles away, are letting the "interpreters" on the street in the heat of the crisis determine what is important. The second issue, until the past few years, is that the information is not "Real-Time":

Seamless and secure tracking and communication among mission planners, field personnel, and central command elements are essential to mission success. Raytheon's Blackbird Technologies Gotham™ system is a comprehensive back-end solution for monitoring, operating, and managing tagging, tracking, and locating (TTL) devices and viewing associated geospatial data.

A Common Situational Picture for Military and Emergency Operations

With the ability to track assets and targets — and to communicate with team members and devices — Gotham enables networked team decision-making, control of resources, shared resource dispatching, and adaptability to change based on operational requirements.

In a disaster, communication among emergency responders and control of needed assets are vital to the safety and security of personnel and the public, as well as the effective execution of the disaster response mission.

07 January 2018

The true sign of intelligence is not knowledge but imagination. --Albert Einstein

In the past 17 years, over 50 percent of the largest industrial companies have been extinguished from the Fortune 500. Some were acquired, others bankrupt, many others merged to survive. Have you noticed the trend line on the stock price of General Electric this past year?

Digital Transformation and potential extinction is the single unanswered factor on every CEO's mind today. As massive data sets become exponential in size, pervasive in geographic reach and utilize a wide spectrum of sensors from mobile phones to C4ISR, the Operational Risk parameters are even more complex.

Decision Advantage is the lofty goal and the speed to answers and insight is evermore the ultimate competition. The words "innovation" and "disruption" are being used to describe something that is far more scientific and evolutionary. The World Economic Forum has an initiative called "The Fourth Industrial Revolution" and the 48th annual meeting this month is entitled: Creating a Shared Future in a Fractured World.

So what?

The CEOs of this world are on edge. They wonder if they will have enough intellectual and operational transformation in this digital and fractured world to survive. They worry about the newborn threats of the digital age such as ransomware, blockchain and artificial intelligence. Welcome to the conversation around the C-Suite and the new normal.

Yet who better to capture the essence of why this matters, than Jeffrey Ritter:

"When the information you need to make decisions is controlled, the quality of your decision is controlled and the possible outcomes from which you can choose slip from your control. Where there is less information, your decisions become vulnerable. As an executive, an IT architect, an investment manager, an educational director, or even a parent, your job is to lead with good decisions. You want your decisions to be ones that others will follow. But those ambitions erode when those fighting the war to control digital information are winning."

What is the cloud? Your information on another organization's computer. The race for faster decision advantage has now transformed to the race for the fastest TrustDecisions. Decisions executed on trusted information are why we have the wave of new technologies embedded with encryption, biometrics and even Multi-Factor Authentication (MFA).

Digital Transformation in your enterprise changes your reason for existence. The answers in many cases will be more about your people, not the technology. It will require bold action and sweeping personal imagination. The definition of imagination:

...the act or power of forming a mental image of something not present to the senses or never before wholly perceived in reality.

The trustworthiness of your future decisions is at stake. The imagination of the people around you is a limiting factor. As the CEO of your Fortune 500 company or the leader of your Series A startup, the time has come for your transformation...

31 December 2017

On the dusk of the last day of 2017, many people will reflect on what they have accomplished over the past year. Others may focus on what they will change, in their daily routines for the New Year. How many people do you know, that will pledge to do something as a resolution and never have a chance to succeed?

With 52 weeks in a year, what could you do every week at least once, for a few hours? Or what could you do on a daily basis that changes your life forever? There is a different opportunity for each person to choose. Regardless of your place in life, your country, economic situation or remaining days on Earth, you can make a choice.

The choice you make is a decision. A decision based upon experience, current conditions, future expectations or available data. When you arrive at that point, to make a decision to rise early and take a run or a ride, or to write a blog post, or to hug your trusted loved one at least once each day, you are well on your way.

"This I Believe" are 3 powerful words when you embark on this journey ahead. Who you are and what you believe as an individual, will have a substantial impact and influence on your future decisions.

This I Believe exists for those who have made a decision of transparency. A way for us as individuals, to describe our essence as a human being and who we are:

"This I Believe, Inc., was founded in 2004 as an independent, not-for-profit organization that engages youth and adults from all walks of life in writing, sharing, and discussing brief essays about the core values that guide their daily lives.

This I Believe is based on a 1950s radio program of the same name, hosted by acclaimed journalist Edward R. Murrow. Each day, Americans gathered by their radios to hear compelling essays from the likes of Eleanor Roosevelt, Jackie Robinson, Helen Keller, and Harry Truman as well as corporate leaders, cab drivers, scientists, and secretaries—anyone able to distill into a few minutes the guiding principles by which they lived. These essayists’ words brought comfort and inspiration to a country worried about the Cold War, McCarthyism, and racial division.

In reviving This I Believe, executive producer Dan Gediman said, “The goal is not to persuade Americans to agree on the same beliefs. Rather, the hope is to encourage people to begin the much more difficult task of developing respect for beliefs different from their own.”

Maybe this is the year, you will write your own "This I Believe" essay. The outcomes may surprise you. The focus for this next year may now become 20/20 in the clarity of your vision. Yet there is an opportunity to go further. Make a decision to share this essay with others you care about. Ask others to share their own "This I Believe" with you. Why?

Transparency is vital to building trust with others. At the root of making a Decision to Trust is transparency of data, information, emotions, behavior and clarity of purpose. Why you make a decision to write and share your "This I Believe" with others, is a TrustDecision.

Embark on your journey ahead. Start with a clear and substantial purpose, where you have been and where you are going in life. Open your heart to others and share your beliefs. Forgiveness is a decision. It is the decision to offer grace, not to demand justice.

You now have 52 weeks ahead this year, to create and to produce, according to your core beliefs.

24 December 2017

As you gather this weekend with family, friends and loved ones to celebrate, what will your prayers be? Will you shed a tear at some point, as the emotions of the holiday overwhelm your senses? How will you focus on the real meaning of Christmas?

"She will bear a son, and you shall call his name Jesus, for he will save his people from their sins." - Matthew 1:21

Remember and reflect all that you have done. All that you have accomplished this past year of 2017, following the faith and in the name of our savior. Onward...

17 December 2017

As we begin to look into the rear view mirror these last few weeks of 2017 and scan the horizon of 2018, Operational Risks are ever more so present.

Whether you are a leader of a global organization or the sole breadwinner of your single parent household, the management of risk is a daily priority. Even getting enough sleep is a risk to health and well being.

So what are you going to do about 2018 and managing risk in your life? Your company. Your nation. Operational Risk Management is a discipline that can be mastered and those who will excel in the next few years understand what is at stake. Unfortunately, many people and organizations will not have the wisdom, experience or resources to survive the onslaught of new threats and to mitigate existing vulnerabilities.

"Achieving a substantial level of competence and resilience in Operational Risk Management takes decades of experience in seeing the mistakes. Witnessing the tragedy. Feeling the successful outcomes of a solid process for sense making. Using information in ways that we never dreamed about. Turning speed into your greatest ally."

Your ability to thrive in 2018 and beyond will rest with your leadership and the ability to adapt. Yet even beyond this fundamental reality is the continuous discipline to effectively accept more risks. The organizations and those individuals who rise to the 2% or even 1%, took more risks than you did. The question is, why?

Accepting a risk means that you have to think through the real potential outcomes. Both positive and negative. And you have to make the decision to accept each risk action at light speed. Otherwise, it is too late.

This is not a game of spending too much time trying to figure out odds and percentages. It is a professional decision to act, while not knowing the exact future outcome. What you do know, is the clear result of a positive outcome and even more importantly, you know the result of a negative outcome.

Can you live with either outcome? If the answer is yes, then you should consider yourself a true Operational Risk Professional. Now make the decisions faster, before someone else makes it before you do...

The cyber offensive against ISIS, an acronym for the Islamic State, was a first and included the creation of a unit named Joint Task Force Ares. It focused on destroying or disrupting computer networks used by the militant group to recruit fighters and communicate inside the organization. Such offensive weapons are more commonly associated with U.S. intelligence agencies, but they were brought into the open in 2016... - Washington Post, by Dan Lamothe

We wish you an abundance of new and rapid Operational Risk decisions in 2018!

10 December 2017

The U.S. Department of Defense (DoD) is in the middle of substantial Operational Risk Management discussions behind closed doors, in light of new threats and new priorities. The majority of the Intelligence Community budgets are under the DoD umbrella and in a new world order, subjected to the mobile ICT revolution that is erupting before us. Do Twitter and other social media tools present the need for a new paradigm shift in the future evolution of the Intelligence Community (IC)? Consider this flashback analysis:

Abstract: "This paper analyzes the role of situational information as an antecedent of terrorists’ opportunistic decision making in the volatile and extreme environment of the Mumbai terrorist attack. We especially focus on how Mumbai terrorists monitored and utilized situational information to mount attacks against civilians. Situational information which was broadcast through live media and Twitter contributed to the terrorists’ decision making process and, as a result, increased the effectiveness of hand-held weapons to accomplish their terrorist goal. By utilizing a framework drawn from Situation Awareness (SA) theory, this paper aims to (1) analyze the content of Twitter postings of the Mumbai terror incident, (2) expose the vulnerabilities of Twitter as a participatory emergency reporting system in the terrorism context, and (3), based on the content analysis of Twitter postings, we suggest a conceptual framework for analyzing information control in the context of terrorism."

The Mumbai attackers could have used open source social media even more to their advantage and this is what the Intelligence Community (IC) continues to leverage as the Arab Spring(s) continue, civil war escalates in Syria and other ICT-enabled regions of conflict emerge. The tools are becoming more optimized to the kinds of applications necessary to deal with these new Operational Risks. What may continue to be the greatest vulnerability, is the economics. The ability to invest in and provide training for the new generation of cyber warriors and HUMINT collectors. Are the Trusted Systems and Networks in place integrated with the latest Commercial-Off-The-Shelf (COTS) software riding on encrypted networks?

The convergence of mobile, cloud and big data is the single IT transformation issue in governments and the private sector. The IC and DoD realize that the only way to survive and to be more resilient, is to close or converge data centers with legacy hardware and software. Simultaneously accelerating the onboarding to private sector assets, that have also been certified and accredited. The next vulnerability being discussed, is how to acquire enough of the existing energy grid to support the requirements for cooling the vast data centers under construction and getting access to dark fibre. Bluffdale has been just one example:

"Inside, the facility will consist of four 25,000-square-foot halls filled with servers, complete with raised floor space for cables and storage. In addition, there will be more than 900,000 square feet for technical support and administration. The entire site will be self-sustaining, with fuel tanks large enough to power the backup generators for three days in an emergency, water storage with the capability of pumping 1.7 million gallons of liquid per day, as well as a sewage system and massive air-conditioning system to keep all those servers cool. Electricity will come from the center’s own substation built by Rocky Mountain Power to satisfy the 65-megawatt power demand. Such a mammoth amount of energy comes with a mammoth price tag—about $40 million a year, according to one estimate."

This is the kind of capability that will remain exempt from the threat of limited funding or future austerity in the new world order of mobile, cloud and big data. The introduction of tools or services such as Silent Circle, Wickr, Signal and others will only add to the Operational Risk challenges of the next decade. Privacy will become a sought-after luxury, only available to those with the means or the latest set of consumer-based communications tools. Either way, the senior executives of private sector critical infrastructure companies are under the spotlight. They own the majority of the ICT assets and therefore have the most to win. Unfortunately, they also have the most to lose.

The future of the DoD and the IC will be determined by the success or failure of the cooperation, coordination and collaboration of men and women with a unity of purpose. Patriots who will continue to do the right things for the right reasons. The future is now about resilience and competitiveness. Let's get to work!

02 December 2017

Creating a "Common Operational Picture" for your organization is an elusive yet attainable goal for your senior management and the Board of Directors. How, at a moment's notice, does the organization provide leadership with the answers to Operational Risk questions such as:

How many employees from our company are currently traveling outside your home country?

What are their modes of transportation and where do they plan to stay each night?

What employees from our "Red Zone" list have left the company in this past week?

How many of these employees left suddenly without any warning?

What employees were asked to resign or were fired from their position?

What controls have failed in the process for closing deals within our standard time period?

How much has our sales pipeline increased or decreased over the past quarter?

What is the total number of network access points (Points of Presence) our company currently believes are available for employees to connect to the Internet?

How many known incidents occurred over the past week related to malicious software attacks or Denial of Service attempts on our network?

How many employees started work with the company who have been added to the "Red Zone?"

What are the names of the local liaison officials for our water, power, telecom and data carrier suppliers? Who is their deputy?

How often has the company exercised a plan for major business crisis or disruption in the past year?

What is the current forecast for severe weather in the corporate headquarters region in the next week?

These questions and more should be able to be answered at a moment's notice. Any senior manager or member of the Board of Directors should have an information dashboard they can view with these situational awareness questions at their fingertips.

If you don't have the latest Operational Risk Quotient in your enterprise, it may be a clear indicator that the people, process, systems or external events are a severe threat. The corporate landscape, or battlefield if you will, requires that the commanders in the field have the intelligence they require to make split second decisions.

These Directors, Managers and Supervisors that drive the business forward each day need leadership to give them split second answers, especially in the midst of a crisis. There is no time for a Q & A session or for an extended report to give leadership the view they need to steer the enterprise out of harm's way.

Operational Risk Managers rely on a combination of real-time feeds from internal sources and outside the organization to provide this level of situational awareness. CCTV feeds, access controls, intrusion detection, and many more are part of the Corporate Intelligence Unit's own Fusion Center.

Why is this a prudent business practice to assist you in "Achieving a Defensible Standard of Care" for your employees? Because without it you are flying blind and trying to operate without the awareness and predictive ability to mitigate risks as they unfold before you.

Whether it is on the battlefield or in your own organization does not matter. Your people need to understand their role in providing this vital aspect of the risk management solution. Without hourly, by-the-minute or by-the-second intelligence about your people, processes, systems and external events, you are destined for a future either known or unknown. You make the choice.

25 November 2017

When was the last time you traveled outside your own country or beyond? The discovery of new places, environments and the opportunity to experience other cultures is a key factor in gaining new context. The learning and the observations of how other people behave and how things work in other countries, provides additional insights to your own social and economic factors.

What works in one organization, city, county or country may not be enough to make a difference in other places around the globe. The limits, the parameters or the laws may work in one geographic location and simultaneously have little relevance or importance somewhere else. This could be due to environmental factors, culturally historic issues or just simple critical infrastructure, either present or non-existent.

Who do you respect past or present, for their ability to imagine something new, something different, something better or something that has never been thought of before? People with limited imaginations have not experienced what these thought leaders have seen, heard and felt both physically and emotionally around the world.

Over time, the transport vehicles included animals (horses, elephants, camels) boats, ships, balloons, automobiles, aircraft and spacecraft. The intellectual vehicles we use to take us other places by people who have been there include books, newspapers, television, radio, movies and the Internet.

Think about the people you interact with each day. How limited are their imaginations? Have they traveled far and wide across the world? Are they well read in the latest current events, world issues and global challenges? What opportunities have they been given in their lives to witness our planet, witness what humans are really capable of doing? What has all of this done to give them purpose in life?

Did you ever wonder how someone you read about or see in life, got to where they are? If you are asking yourself that same question, you must be wondering what ingredients they used, so that you could try and pursue the same path, or perhaps avoid it all together. Is it curiosity? Is it courage? Is it resources? Is it faith? Is it environment? Is it a mystery?

You see, the truth is, you still have the ability for limitless imagination. Why haven't you explored it yet...

18 November 2017

There is a growing threat on the business horizon. The risk of loss from inadequate or failed processes, people, and systems or from external events is taking executives by storm. This definition of Operational Risk also includes legal risk, which is the risk of loss from failure to comply with laws as well as prudent ethical standards and contractual obligations. It also includes exposure to litigation from all aspects of an institution's activities.

In the course of a single day the organizational exposure to threats ranges from low to severe on the horizontal axis. It isn’t until you put the vertical spectrum into consideration that you arrive at your “Operational Risk Profile” for that particular slice of time. This vertical axis is the range of consequences that would impact the business should the threat event actually occur. It ranges from minor to disastrous. Each day our organizations live in a dynamic spectrum of tolerable and intolerable threats to our most precious corporate assets.

The Mission

The organization shall develop, implement, maintain and continually improve a documented operational risk management system. Identify a method of risk assessment that is suited for the organization's business assets to be protected, regulatory requirements and corporate governance guidelines. Identify the assets and the owners of these assets. Identify the threats to those assets.

Identify the vulnerabilities that might be exploited by the threats. Identify the impacts that losses of confidentiality, integrity and availability may have on the assets. Assess the risks. Identify and evaluate options for the treatment of risks. Select control objectives and controls for treatment of risks. Implement and operate the system. Monitor and review the system. Maintain and improve the system.

The Take Away

While you were in the Board of Directors meeting, your Operational Risk Profile changed. When you were asleep last night it changed again. The people, processes, systems and external events are interacting to create a new and dynamic threat matrix for your organization. Who is responsible for Operational Risk Management in your business? Everyone is.

You see, if everyone in the organization was able to understand and perform the mission flawlessly, then the business could stay in the lower left quadrant. This is where the threat exposure is low and the consequences are minimal. This is exactly why you are spending less and less time here. Only a guarded few understand the mission of operational risk management in your company. Only a guarded few can do it flawlessly. If you want to protect your corporate assets better than you do today, then turn those guarded few into the mission ready many.

11 November 2017

It is Veterans Day 2017 and all of those who understand what that means, are thinking about it. Some out loud and for others, it is an internal battle of thoughts and emotions.

November 11 is a day that some families are sad about. It is a day that so many other Americans think is just another day off. Yet others think about that 1%, who now defend and serve our country. Who are they and what are they truly feeling on Veterans Day?

If you really know anything about the life of a Veteran, you probably know that life inside the military changes you. Just as working within any major organization for 2, 4+ or even an entire career, will impact your life in some way.

Spending that duration of time with others who served, whether inside the United States Army, Air Force, Navy, Marines or Coast Guard will affect your way of thinking about our country and our "Flag of Stars and Stripes" waving at the top of a pole, or "Old Glory" only raised to half staff. What does the sound of 21 seconds of "Reveille" remind you of? Does a particular place or time in your life come into view?

The "One Percent" (1%) and those family members who surround and support them, know what Veterans Day is really all about. It is unique for everyone in some special way and across America, you see pockets of how it is celebrated and expressed in words on social media and even in full page advertising in the Washington Post.

Hopefully you are in good spirits and you have a smile on your face today, as you experience another November 11th! Our country is strong and our Department of Defense is there to protect the freedoms our nation is founded upon.

You have contributed your time, hard work and devotion to so many, and we may never know your name or sacrifice. Thank you to the "One Percent"...

05 November 2017

As a leader in your organization you rise each day with the inspiration to achieve the best possible outcomes for the tasks ahead. Your outlook is positive and your goals are well communicated on what solutions you bring to the market you serve. The course is charted and the plans are in place for you to execute your strategy with your team.

How well the day unfolds as anticipated and whether the tasks are completed on time and as planned is still uncertain. Why? We are human. Humans have been studied by scientists and doctors since the beginning, to better understand our behavior. What are they capable of and when is a machine better suited to a particular physical task or complex calculations?

As we invented new tools and machines to saw down trees, pound nails, dig holes and harvest our food, we wanted to continuously innovate. We learned to adapt and to adjust these tools to accommodate new challenges, new environments and new hypotheses. We learned to improvise and new brilliant researchers and inventors brought us automobiles, vaccines, airplanes, computers and even space travel.

Along our path of human progress there has been a tremendous amount of testing and experimentation. We like to try to see what works and what doesn't. Our curious nature keeps us seeking new ways to achieve the same outcomes, yet maybe faster or at a lower expense. Economic prosperity or failure is in the hands of global markets. How is the market performing today?

Yet as you navigate your small and specific path, you have choices to make. Decisions on how you will spend your finite time to make your life better or to make a difference for others. Your team, the company you manage, the agency you command or the country you lead, is counting on you.

The people, processes, systems and external events you encounter ahead, are comprised of hundreds of Operational Risks, that span a widening spectrum. There is a high degree of certainty today, that you will encounter a myriad of actions, changes, deviations and climatic events that will challenge you. These operational risks are not always known in advance, yet there are many that you already know about.

Mitigating risks and making decisions to improve your life and your organization are all in your control. How many people have written best selling books to teach you how to do this? How many Big Five Accounting firms have written reports and raised red flags for you, your owners, or operators and shareholders?

So what?

The decisions you make today, will make a difference. A "Trust Decision" has a model. Deciding to trust is not a singular event. More precisely, it is multiple decisions occurring in sequence. To quote Jeffrey Ritter:

"Every trust decision is a determination to trust an object, person, group, system, device, or information asset to be used to accomplish a specific task."

The more you study and understand "Trust Decisions" the greater knowledge you gain on your spectrum of daily Operational Risks. This is because you know what the steps are in your particular trust decisions model and accordingly, you can calculate the risks to achieving the desired outcomes.

"On Monday, October 30th at 3:34 p.m., SpaceX successfully launched the Koreasat-5A satellite from Launch Complex 39A (LC-39A) at NASA’s Kennedy Space Center, Florida. Following stage separation, Falcon 9’s first stage successfully landed on the “Of Course I Still Love You” droneship, stationed in the Atlantic Ocean. Falcon 9 delivered the Koreasat-5A satellite to its targeted orbit and the satellite was deployed approximately 36 minutes after liftoff."

While your team or organization may not have the breadth or depth of "Trust Decisions" that SpaceX has on a daily basis, your decisions are not a singular event. What is your particular "Trust Decision Model?" How well do you know how each component of that model will perform today? Have you done enough testing, witnessed enough failures and now know the possible outcomes for each part of that model?

The new rules for your organization at the speed of light, your TrustDecisions are out there...go discover them.

28 October 2017

What are the known vulnerabilities in your enterprise architecture? We will come back to this question.

Asymmetric Warfare across the globe spans a digital Internetwork that has its roots fostered in openness and with little regulation. In many instances we are within real possibility of significant digital systems failures. Here is just a small window into that battlefield.

Operational Risk Management (ORM), is a mature discipline that you and your organization shall embrace, study, expand and continuously support. One facet of Operational Risk, the Information Technology (IT) systems in your enterprise, is not part of an evolution any longer. It has become a pervasive and mobile social revolution, that is now accelerating beyond your comprehension.

Let's put it another way. Known but unmitigated vulnerabilities, will likely be the origin of your demise, failure, damage, ruin and loss of precious assets. Why do you let it continue?

You and your organization are on the edge, operating each day with people's lives, reputations and Personally Identifiable Information (PII) at stake and even the livelihood of the enterprise itself.

Whether that is your family, business, state or even your country, you can do something more to address your known vulnerabilities. Do you know who, what and where they are in your enterprise?

When you hear the name "Equifax" today, what do you think? Data security breach, correct? What about these organizations:

Whole Foods Market Services, Inc.

Discover Financial Services

Transamerica

Hyatt Hotels

Northwestern Mutual Life Insurance Company

Wells Fargo Advisors

Sprint

Massachusetts Mutual Life Insurance Company

Sharp Memorial Hospital

Virgin America

The Neiman Marcus Group

Keller Williams Realty, Inc.

Club Quarters Hotels

Hard Rock International

Four Seasons Hotels Limited

BMO Harris Bank NA

Bank of the West

Gannett Company, Inc.

These are all well known companies that have reported data security breaches, as required by law, to the State of California over the past 6 months. There are dozens of other organizations that are not large, well known brand names such as these. Some are a result of the Equifax breach and are organizations that were using Equifax product solutions internally. Now multiply this by 50 states.

So what?

Our Critical Infrastructure(s) in the United States are something we just take for granted. Bank ATMs on every corner, bridges across bays and rivers, trains and planes departing from even small cities, trauma hospitals, massive hotels and supermarkets, fiber communications and LTE wireless network connectivity almost everywhere.

Let's come back to where we started. What are the "Known Vulnerabilities" in your enterprise architecture? Why are you so certain, that your adversaries are not currently inside your network?

The resilience modernization of your particular enterprise is going to be expensive. Mostly because it has been patched and poorly integrated for a decade or more. In some cases, simply because your adversaries and competition are more stealthy than you are. Faster than you are. Smarter than you are. Lying in wait.

So what are you going to do about it? In your home, business, city, state, or country and beyond?

"As a highly connected nation, the United States is especially dependent on a globally secure and resilient internet and must work with allies and other partners toward maintaining the policy set forth in this section. Within 45 days of the date of this order, (May 11, 2017) the Secretary of State, the Secretary of the Treasury, the Secretary of Defense, the Secretary of Commerce, and the Secretary of Homeland Security, in coordination with the Attorney General and the Director of the Federal Bureau of Investigation, shall submit reports to the President on their international cybersecurity priorities, including those concerning investigation, attribution, cyber threat information sharing, response, capacity building, and cooperation." Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

You are going to find, repair and replace your known vulnerabilities. Then repeat. When you think you are finished, you can begin the next project, on your UNKNOWN vulnerabilities.

22 October 2017

The Corporate Threat Management Team (TMT) has been busy this past year and your employees are consistently seeing new and startling behavior beginning to emerge. The members of these small and versatile task forces within the corporate Operational Risk committee include the Chief Security Officer, Human Resources (EAP), Ethics & Compliance, General Counsel and Chief Information Officer or Privacy Officer.

Assessment of threats in the workplace that include violence, sabotage, financial fraud, homicide or suicide are growing in the current economic environment and the Board of Directors are on alert. The Board has a daunting responsibility to provide the enterprise stakeholders:

Duty to Care

Duty to Warn

Duty to Act

Duty to Supervise

Threat assessment is a legal responsibility of corporate management and directors, but this is not anything new per se. What may be trending upwards at an alarming rate is the litigation associated with "Insider Threats." Just ask Dr. Larry Barton about the subject of corporate threat assessment:

"Despite sound recruitment practices, any employer may encounter situations in which colleagues are worried about their safety because of the actions or statements made by a co-worker. The person at risk could be a current employee, former associate/contractor, disgruntled customer, investor or other person who makes or constitutes a threat to your most vital resource - your human capital."

This (Threat Assessment) approach employs strategies that have been successful in a variety of situations, including:

an associate being stalked by a spouse or former partner

an employee who states that he or she is experiencing significant mental deterioration or who has thoughts of self-harm or homicide

altercations between co-workers and/or with a supervisor that are escalating in tone and severity

serious changes in attitude and performance with known or suspected substance abuse factors

social networking, blog and other means of electronically threatening an individual or team

Having personally witnessed Dr. Barton's methods and approaches, the science and his applications are sound. The strategy for implementation is based upon several decades of experience and encompasses the legal framework necessary to sustain the scrutiny of law enforcement and the courts.

Addressing a growing threat by a person in the workplace takes a dedicated team, with the right tools and information at their fingertips. Making split second decisions based upon a lack of documented evidence, a failure to follow the protocol in a set of written policies, or just the wrong timing can open the doors for substantial and costly plaintiff suits.

Achieving a Defensible Standard of Care in the reality of today's volatile enterprises requires a sound governance strategy execution combined with new resources and tools to properly prepare for those almost certain legal challenges. Combining effective "BioPsychoSocial" subject matter expertise, along with the right people from legal, security, investigations, internal audit or corporate risk management can produce successful outcomes for "At Risk" employees and the entire enterprise.

This brings us to the next point regarding how a particular employee was allowed to get to the point of "No Return" in the workplace. Put on your thinking caps for a few minutes.

Whenever you have a Threat Management Team assembling to interdict a serious danger to the company, you immediately start to converge on the motive or reason why the person has acted or is acting against company policy or behaving in a threatening manner. It's natural to do so, as most people want to know what's causing the issue. Be careful. What seems to be the cause is only known as the "Proximate Cause." Do you really understand the "Root Cause" of the failure of people, processes, systems or some external events?

The analysis, investigation, documentation and presentation on what happened and why is the hard stuff. Getting to the "Truth" and getting answers to the "Root Cause" requires another team of specialty practitioners. These independent, outside risk advisory professionals should not be from any current or existing corporate supplier, auditor or management consultant. They truly need to be the independent, unbiased and diligent entity to discover the truth and to document the root cause of the incident. The goal is to eliminate the future threat and to mitigate any risks that may still be "lying in wait."

Corporate Management and Boards of Directors must continue to move to the left of the proximate cause on the risk management spectrum to be preemptive, proactive and preventive.

15 October 2017

The "Leadership of Security Risk Professionals" is consistently in the news because Operational Risks within the enterprise are becoming ever more exponential. The ability for specialists in the field or the C-Suite to operate on a 24/7/365 basis is a tremendous challenge. In order to address a continuous spectrum of operational risks, we must actively monitor our culture and those behaviors that could make us lose sight of what we know is right.

At this moment, the explosion of mobile technologies has created a simultaneous set of new risks and opportunities to be leveraged. Each human asset in your organization is another node in your digital ecosystem of connected machines. The person now has the ability to stream live video from their mobile phone camera back to an Emergency Operations Center (EOC) or become an active participant in Irregular Warfare (Security, Development, Governance). All they require is the correct App on their smart phone and 3G connectivity. How the enterprise leaders charged with the risk management functions operate, collaborate and share relevant information is just as important as what information they share.

In the private sector, as the leader of the HR functions responsible for hiring and terminations of employees, you are in the nexus of Operational Risk Management (ORM) and legal compliance. The threats and vulnerabilities you experience and are accountable for mitigating, are going to be quite different than your fellow leader in the Information Technology department. This is where we want to emphasize a major point:

The leader of HR does not possess the same domain knowledge that the IT leader has, with respect to risks to the confidentiality, integrity and assurance of information stored in a Virtual Machine (VM) at a third-party data center. Just as the IT leader does not possess the same domain knowledge that the HR leader has, with respect to the employees who have just given their two week notice. Therefore, since both are accountable and responsible for their specific domain roles to mitigate risks to the security of the enterprise, how do they share information, collaborate and operate simultaneously to ensure the safety and security of the organization?

In order to act with unity of purpose throughout the global enterprise, each of these domains must be able to operate seamlessly, within the context of the larger enterprise ecosystem. The leaders and stewards of the security risk profession must continue to adapt and continuously improve the decision advantage of the vast knowledge ecosystem before them. The cultural and behavioral attributes of this ecosystem can be a single point of failure that continues to plague our non-government organizations, our private industry sectors and even our country.

What if your only role and job inside your particular organization was to make sure that information is being shared on operational risks? How would you accomplish this? How would you organize the mechanisms in each department for collection and dissemination of relevant information, to the other security risk professionals in the enterprise? Believe us when we say that the answer is not another digital dashboard or wiki.

On September 30th, 2012, the 2nd season of the hit Showtime Television series "Homeland" aired in the United States. The writers for this first episode of the season with Emmy winner Claire Danes, made a reference in the script at one point, that brought back horrific memories of a failure of U.S. operational security.

This single mention in the script by the "Homeland" writers of this devastating event in history, should remind us all once again, that people, culture and the soft skills of communication, can and will be our most deadly vulnerability. As a result of this set of cascading circumstances, five more stars are now on a wall in Langley. This is another stark reminder of how personalities, power base and trust of information, can still fool us into a social engineering nightmare.

The future "Leadership of Security Risk Professionals" will use this event at FOB Chapman as a classic case study. In order to enhance the effectiveness of the field specialists and the C-Suite, they must improve their ability to operate in a continuously dynamic sea of cultural behaviors, within a vast and expanding knowledge ecosystem.

07 October 2017

The "Art and Science" of Leadership in disconnected environments is challenging to say the least. The science might be initially enabled by the utilization of technology-based platforms including mobile smartphones, Cloud and even SATCOM capabilities.

The art or "How" of leading teams in a geographically dispersed area, across hierarchies of people with precision and speed is the hard problem. The problem-set for so many growing organizations today. How do you create a leadership mechanism with the right "Linchpins," to enable trust and simultaneously execute vital tasks, across silos with a single purposeful mission?

Frankly, it is quite complex. Yet there are proven methodologies and proven technologies that will quickly jump start and improve your team's problem-solving abilities and help it gain "shared consciousness." It all begins with the leaders implementing a single organizational lens to view the enterprise architecture or operational landscape before them and communicate what they have experienced, witnessed and accomplished.

The shared "Network" of people, systems, philosophy, experience and purposeful mission is paramount to success. The moving pieces of the network both human and technological or operational, work independently and yet they are becoming a single adaptive entity.

Building and enabling trust across domains, working groups, operators and the significant distance between horizontal or vertical communication, is now the nexus of the "Art and Science" of Leadership. You have probably read countless books and seen inspiring talks, by people who have done it all, experienced it all and still to this day will admit, that the human organizational issues still keep them from sound sleep at night.

Will those individuals who are in front of the problem-set on your team act without hesitation? Do they have the best possible information at their fingertips to make the "Trust Decisions" to achieve their objective? How will the outcomes of their actions build on the entire team's goals and aspirations?

Whether your team is a family, a work group, the neighborhood, a company, a municipality or an agency doesn't really matter. The people, processes, systems and external events are going to continuously challenge the intended forward direction.

So what?

This is all great, yet it sounds like we are describing environments where all of this leadership action is taking place in a purely physical world. What happens when 99% of it is happening in a "virtual space?"

Inside the virtual computing consciousness of the global Internet, across a domain of space made possible by Virtual Machines (VM), solid-state storage and the software comprised of just Zeros (0) and Ones (1). Now just add billions of interconnected (IP) devices.

The good news is that much of this virtual environment still requires human intervention and human participation. Simultaneously, through global systems automation and the use of Bots, Artificial Intelligence (AI) and other autonomous "Machine Learning" inventions are now on our doorstep. This is our new reality:

The
speed at which the autonomous machines are making decisions, and the
abilities they are gaining in shared consciousness, are in most cases
beyond human understanding. The global organizational and national
security implications are gaining momentum.

So
what does leadership need next, for us to survive the remarkable velocity of our Trust Decisions, in an exponential
virtual world? How do we put it all in perspective? What are the remaining unanswered questions? Author Jeffrey Ritter gives us his insightful context from decades of experience:

"It
is essential to our human nature to make trust decisions. The Net has
become essential to our existence. Whether or not this book
prescribes the right direction, we will not survive as a global
community unless we commit to a new architecture that enables trust in
the digital assets of our world to be established and maintained. The
solution, I believe, is found in understanding that trust is the
essential predicate to the creation of new wealth. Working
collaboratively, the world’s population can achieve both trust and
wealth.

From my earliest work with the United Nations, I have
recognized that the greatest potential of the Net is its ability to
enable any of us to trade with anyone else. Trade inherently creates
wealth for all of the participants. The curious thing about trade is
that, when it proceeds properly, enriching all stakeholders, trade is
the ultimate dis-incentive for war. We simply are reluctant to do battle
against those with whom we do business. If digital trust can expand our
capacities to trade, and connect us effectively into a broader network
with whom we can trade, the strongest possible incentives for sustaining
peace emerge. That is my fondest hope for the Net, that it will be the
infrastructure for enabling global co-existence. To achieve that dream,
we must build digital trust."

01 October 2017

You are out there helping and assisting a loved one or another person in need. Your life has been a virtual maze of daily pathways and encounters, to where you are now. Where, when and how will the next chapter unfold?

Our lives are a series of experiences, encounters, actions and reactions. We each wake up each day with the unknown. How will this day allow for creative thought, fulfilling dialogue, warm and loving feelings and maybe even just that perfect cup of coffee?

One thing is certain this new day of your life. You have choices to make. You are going to be challenged with new information to assess, analyze and then to make an informed decision. The "Trust Decisions" that you process and act upon are human.

What about the TrustDecisions that are being executed by the millions of lines of machine code and computers that now permeate so much of our lives? These devices to navigate you and your vehicles, silicon-based systems to calculate new found wealth or manufacture new goods or services. The lines of program code in the software and at the heart of the hand-held machine you trust for communications, location or music were designed and written by another human.

Or was it?

Prepare yourself for the next generation of TrustDecisions that are being executed by computers and machines, that were designed and written only by other very intelligent non-human systems. Perhaps you will trust these inventions and the capabilities they provide, even more than you ever have in the past. Artificial Intelligence is real.

It is the look on another person's face, the tone of your child's voice or the warm touch from your most precious loved one that really matters in life, however. Where will this day end up? What will you do to make this day even better than yesterday in your life?

At some point you realize that you alone are responsible and capable of that next hour of joy or sorrow in your life. You have the ability and the capacity to assist someone else in need, to contribute resources or knowledge that can change another human's course in life.

Somewhere along the way, you finally understood that you really are not in complete control. From the day you were born, until today, October 1, 2017, you have watched your life journey unfold before you. How much of it has been all because you made the correct TrustDecisions?

The milestones of life are never guaranteed. The perfect parents, the perfect friends, the perfect schools and teachers, the perfect spouse, the perfect kid(s), the perfect career, or even the perfect cup of coffee.

Yet today brings another life opportunity before you. A new day to truly look around. Think quickly about what your actions will be next. To make a decision. To act upon this with all your heart and mind. Then to look to the sky and say a prayer.

24 September 2017

In November 2007, the "Insider Threat" was on the minds of Global Security Executives that year as evidenced by a half day emphasis on the current trends and issues. We wonder what will have changed over a decade later, at the 2017 OSAC Annual Briefing.

In any global enterprise doing business across multiple continents with a diversity of personnel comprised of expats and country nationals, you can bet on being consistently subjected to the operational risks instigated by people. Fraud, embezzlement, conflicts of interest, economic espionage, workplace violence and disruption of business schemes are the norm.

In a converging organization with outsourced services around every corner, the enterprise becomes more disjointed and incapable of a continuous level of readiness or preparedness to the next organized plot by the insider.

So back to square one. Keep an eye on your employees, contractors and suppliers. Run those new employee awareness sessions and lock down the access to sensitive corporate assets. Now do it again with the same budget we gave you last year!

You can just see these great patriots from all over the world searching for the answer to their continuous woes as a Global Security Director. It's a thankless position and severely underfunded in a time when the threats are increasing exponentially.

In evaluating the current information security, regulatory and legal environment, consider these five key flaws with today’s ORM solution programs:

1. Dependence on inadequate and incomplete technology-based point solutions;

2. Failure to integrate people, process and systems into an effective and comprehensive operational risk program;

3. Lack of adequate decision support and an actionable understanding of the threat to the entire spectrum of corporate assets;

4. Reactive response to perceived problems rather than proactive initiatives based on sound risk management principles; and

5. Cost and shortage of properly skilled IT personnel to support the programs.

The Gartner Group has identified three major questions that executives and boards of directors need to answer when confronting significant issues:

Is your policy enforced fairly, consistently and legally across the enterprise?

Would our employees, contractors and partners know if a violation was being committed?

Would they know what to do about it if they did recognize a violation?

If you don't know the answers to these questions, then there is much more work to do and much more strategic planning necessary before any software or system is implemented for Operational Risk Management.

Perhaps it is time for the Private Sector to get serious about the "Insider Threat." The U.S. Department of Defense has been on point with the issue now for years:

The Defense Department is preparing to add 500,000 employees to its
continuous evaluation pilot by Jan. 1 as part of DoD’s effort to add
rigor to the security clearance process.

Daniel Payne, the director of the Defense Security Services, said
Sept. 20 that the additional half-million employees would bring the
total uniformed and civilian employees enrolled in continuous evaluation
to 1 million. There are more than 4.3 million cleared employees and
service members across the government, including 1.3 million at the
top-secret level, according to the Office of the Director of National
Intelligence’s 2015 report.

Yet, in the back of everyone's mind is still the possibility
of being connected with a significant terrorist incident. What these
CxOs are looking for are the means to gain a larger budget for their
departments and to be able to invest in new "Insider Threat"
technologies and tools.

Human behavior will always be the center of the
controversy on whether these new systems will be able to mitigate the
insider threat any more efficiently or effectively...

17 September 2017

There is a tremendous amount of buzz and focus on innovation these days, especially around the .gov and .mil ecosystems. The Defense and Intelligence domains are in a race and competition for increased velocity in procurement, adoption of new or updated systems, talented people and the implementation of state-of-the-art Commercial-Off-The-Shelf (COTS) solutions.

Every so often you come across some thought leaders like the Defense Entrepreneurs Forum (DEF), that know what true innovation means. They get it. The membership understands that innovation does not always = technology alone. The process of innovation and the people who surround it will tell you, that many prototypes of new innovation do not always include semiconductors, transistors or gigahertz.

When you combine the nodes of an ecosystem of smart people, devoted to increasing velocity in the defense and intelligence communities, there will be inspiration, connection and empowerment. Each one of these nodes is vital, yet they grow and sustain themselves independently. Working together however, they will provide our national security institutions additional resources, insight and outside the agency expertise.

The bottom line up front is that as a participant, you witnessed first hand, that people with outstanding ideas with a similar mission and the genuine enthusiasm for improving United States National Security is increasing velocity. In greater numbers, momentum and thought leadership. The Defense Entrepreneurs Forum (DEF) is now in its 5th year and is a best kept secret no longer.

So what? What is DEF’s goal?

"We believe that the complexity of national security necessitates Defense professionals with innovative solutions. We believe that great ideas do not depend on rank and that creative problem solving cannot be developed rapidly. Today’s junior and mid-grade Defense professionals will be the future military leadership of this country.

Inspire: By attracting diverse, passionate, and innovative individuals, DEF inspires individuals through a community of like-minded national security innovators.

Connect: In person and virtually, DEF is a network that connects innovative thinkers who seek to improve on the status quo and educates them on how to do this.

Empower: Through a variety of methods--from idea generation to senior-leader engagement--DEF empowers junior leaders to be change agents in national security."

The innovation mindset is only part of the equation. You need people with the context, experience and ambition to make a real difference. Those who are seeking new ideas, new talent and new methodologies for increasing velocity. People who want to contribute time, resources and intellectual thought leadership.

As the wheels went up on the dawn of a new day over Austin, TX our plane headed North East. The future is bright for U.S. National Security. Trust is in the wind and the Defense Entrepreneurs Forum is accelerating...

09 September 2017

Walking across the River Thames over a bridge in London, you can see several signs of resilience, if you look carefully. This city has listened to air raid sirens, bombs exploding and witnessed vehicles running over pedestrians in a pure act of terror over the past seven decades and beyond.

Big Ben was strangely silent, for maintenance and restoration work. Yet the citizens of the area and tourists alike were anxious to make it past the new vehicle barriers, to reach the other side. Resilience runs deep in London and you can see it on the faces of those who call it home.

To endure hardship, disappointment, disability, destruction and years of abandoned dreams is just part of life. Some cities across the globe have endured and stayed vigilant. They have learned the art and science of resilience, so that their citizens can carry on, no matter what the negative forces may be.

Across any major continent you will find examples of places and people who have endured and remained resilient. To the wrath of Mother Nature or the evil deeds of other human beings. Whether it is Houston, Texas or New York City, London or Berlin doesn't really matter. The examples of resilience are personified in granite, museums and historical sites with the names and faces of resilient people.

Yet as the train pulled out of Euston Station towards Edinburgh, the city fades into rolling farms and wooded forests, thousands of sheep dot the hillsides. People living outside the city still have their own challenges and battles with everyday life. They too must adapt and encourage resilience.

A crop that never makes it to harvest due to a fungal disease, or livestock threats from liver fluke, are just a few of the threats that farmers and ranchers must plan for and respond to, in order to lower the risk of loss. So should you find yourself in the countryside or in the middle of the city looking up at the Edinburgh Castle, here is a standard six-step process to endure and remain vigilant:

1. IDENTIFY

2. ASSESS

3. DECIDE

4. IMPLEMENT

5. AUDIT

6. SUPERVISE

These steps in the process are not some new invention. Others have invented variations such as the OODA Loop. The point is that even Plan-Do-Check-Act (PDCA) will provide a continuous cycle for the city dweller or the countryman, the banker or the fighter pilot. The hedge fund manager or the venture capitalist.

So what?

The likelihood is that you too have witnessed operational failure. You have felt the emotion of severe loss of life. You have been part of a life or business scenario, that has brought you to a point when you have lashed out at those you love, or brought you to your knees looking to the sky.

Beyond your faith and wishful or positive mental attitude, you only have your proven process left to work with, to endure, to be resilient. The continuous cycle will keep you heading in the only direction you have and that is, to the next step in that cycle. When you skip a step or have missed one altogether, you are simply opening yourself up to increased exposure of loss or even complete failure.

27 August 2017

Fear is a paralyzing condition. What sometimes can paralyze some people, often motivates others. Think about it. What are you afraid of? When was the last time you felt so paralyzed with fear that you either couldn't move or it pumped you up so much that the adrenaline took over and made you do things that you never thought were possible?

Where is your courage today? Hiding out for the day it seems safe? You are going to be waiting a long time. There is no such time or space where it is safe. In the board room or on your battle field, the world is looking for leaders and people with courage.

Often times the answer is action, regardless of the threat. This in itself is a sign to show your foe that you are aware of the threat and will not only respond, but mitigate any operational risk.

It takes courage to pursue the unpopular agenda. Whether it is to save lives, save investors, or save precious physical or digital assets, the game is the same. Those who decide to do nothing in the face of an obvious threat, have nothing but paralysis. Those who decide to do something, dig deep to find the purpose and justification for their actions.

Once you find courage, it's very hard to turn the other way. Paralysis becomes so foreign that whenever you feel even a little unresponsive, you compensate the other direction almost by instinct.

If you spend enough time around courageous people, it starts to rub off on you. If you still don't have the bug, then you must not be surrounding yourself with those who can take fear by storm. What are you afraid of?

As Steve Farber would say, you need some more OS!M's... Once you have enough of these to know that you won't freeze, then you are well on your way to really making a difference on this rock. If you are not there yet, then now is a good time to start speeding up your OS!M's for all of the children of our fallen heroes.

Here is a good example:

Over six years ago this month, Elite Navy SEAL, Aaron Carson Vaughn, was killed August 6, 2011 when a Chinook chopper carrying 30 American troops was shot down in Afghanistan.

In their grief and with a desire to do something that would honor Aaron's legacy, his family chose to start Operation 300.

Operation 300 is a non-profit foundation designed to create a week long experience for children who have lost their fathers as a result of service to our country.

The camp will provide an opportunity to participate in activities that embody the spirit of adventure that characterized the lives of their absent fathers while fostering a culture of courage, strength, freedom, endurance, honor and godly morality embodied by fearless patriots throughout the history of our American Republic.

About

Operational Risk is defined as the risk of loss resulting from inadequate or failed processes, people, and systems or from external events. The definition includes legal risk, which is the risk of loss resulting from failure to comply with laws as well as prudent ethical standards and contractual obligations. It also includes exposure to litigation from all aspects of an institution's activities.

"The Only Thing Necessary For Evil To Triumph Is For Good Men To Do Nothing." --E. Burke